Saturday, December 24, 2011

Cyber Security Part 1 - Future of Warfare - Stuxnet

I have been meaning to write about Stuxnet for over a year now. The advent of guns, aircraft, chemical or biological weapons, and the atomic bomb caused paradigm shifts in how wars are fought and security viewed. Stuxnet is as significant in my opinion as these other developments. It represents a new kind of war, a new kind of threat, and a new necessary shift in security.  This new kind of threat can penetrate state boundaries, it is almost untraceable and undectable.

What is Stuxnet?

Stuxnet: Anatomy of a Computer Virus from Patrick Clair

Now that you have additional context about Stuxnet you can see why it is significant. The fact that it uses a zero-day exploit is not surprising, but that it used 20 different zero-day exploits is. I digress, zero-day exploits will always exist. Although a lot can be done to improve the security of a network,  networked computer systems are never impervious to attack. Often encrypted systems have been touted as unbreakable and historically a young teenager has cracked them. Recently in the news it has been confirmed that one of the U.S. most advanced drones was brought down by an Iranian cyber attack. It is currently in their possession. Advanced missile systems were not required, merely a computer system. This reminds me back in 2009 when it was reported that terrorist insurgents in Afghanistan were able to hack into the drones to gain access to "secure" videofeeds requiring little more that some $26 dollar software.  (read more)  North Korea a mostly impovershed nation even has a very capable Cyber unit, they are suspected of bringing down a prominent South Korean bank for many days. We may think these countries too underdeveloped to be a threat using technology against us. However, I think the more each of us study the capabilities of other nations the faster first world citizens will come to conclusion that, we need to take security more seriously.

The fact of the matter is I think that the first world governments and private sector needs to invest a great deal more in cyber security. Symantec a leading cyber security company found that directed cyber attacks are up 400% this year. This is the reality of our present and future, directed cyber attacks will continue to increase. If that doesn't scare you the Stuxnet virus is open source and can be downloaded and tweaked by any interested party. This has pretty scary implications.

Download Stuxnet Source Code

As I have been researching this topic in greater depth I found a number of very surprising things. I decided that in the interest of not having a post be to lengthy I will break up my findings into a couple of posts.


NessaAnn said...

We have been very interested in Stuxnet, too. I look forward to hearing your thoughts and conclusions!

Taylor said...

This is the first time I have heard of this but I am glad I know now. I am glad you are talking about this because I think it is something a lot of people are oblivious of.

Britton Stanfill said...

V - I have been thinking about writing something about Stuxnet since last Christmas. I read hours and hours of material last year about the virus and have been interested ever since. It has been interesting to me to revisit it this year. There have been many interesting developments with cyber security & cyber warfare since last year.

Taylor - I am glad you learned something new. I am not sure how many people will see my blog, but I definitely feel like this should be a priority to our government and to corporate america.

Mike and Emily said...

Britt, I think you are brilliant and I am glad to know about these things and I like you. the end.